Language Selection

English French German Italian Portuguese Spanish

Security Leftovers

Filed under
Security
  • How often should I rotate my ssh keys?

    My story for today is about ssh and how even public keys, while much better than simple passwords, are still not a perfect solution.

    The danger is credential theft, which is a fancy way of saying “someone stole your private keys.” Back in the 1990s, that problem was pretty far from our minds; Windows 98 didn’t even have the concept of a separate administrator account, never mind the idea of app sandboxing or the inkling that someone might intentionally want to load malware onto your computer and encrypt all your files for ransomware. Those were the days when some people thought ActiveX controls (essentially loading .exe files from web sites) might be a good idea. Actually, maybe even a great idea as long as there was an “are you sure?” dialog box first.

  • 4 of the Best LastPass Alternatives

    LastPass has recently changed its free account usage policy to be only available on one device, and a lot of its users are not happy about it. If you are a LastPass Free user and are looking to switch, here are four great LastPass alternatives you should check out. These services reserve their pricing tiers for more advanced, business-oriented users while still leaving free users with a powerful set of features to safeguard their online accounts data.

  • Security updates for Thursday

    Security updates have been issued by Arch Linux (ansible-base, keycloak, mumble, and postgresql), Debian (firefox-esr and nodejs), Fedora (dotnet3.1, dotnet5.0, keylime, php-horde-Horde-Text-Filter, radare2, scap-security-guide, and wireshark), openSUSE (postgresql, postgresql13 and python-djangorestframework), Red Hat (Ansible, firefox, and thunderbird), Scientific Linux (firefox and thunderbird), SUSE (php7, postgresql-jdbc, python-cryptography, rpmlint, and webkit2gtk3), and Ubuntu (dnsmasq, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon, linux-oem-5.10, linux-oem-5.6, screen, and xterm).

  • Biden signs executive order calling for semiconductor supply chain review

    President Biden signed an executive order Wednesday addressing growing concern over a global semiconductor shortage hampering the production of goods like automobiles and smartphones.

    The White House’s executive order directs the federal government to conduct 100-day reviews of supply chains in four sets of products, including computer chips and large capacity batteries, like those used in electric vehicles, according to administration officials.

  • Biden Orders Review to Shore Up Supply Chain Resiliency

    On top of the 100-day review of the four key industries, Biden’s order will also direct yearlong reviews for six sectors: defense, public health, information technology, transportation, energy and food production.

    Biden said his administration will implement the recommendations as soon as they are available. “We're not going to wait for the review to be completed before we start closing the existing gaps,” he said.

  • Technology Executives Say All Evidence Points To Russia In Major Hack Of Computer Networks

    Smith told the committee that the true scope of the intrusions is still unknown because most victims are not legally required to disclose attacks unless they involve sensitive information about individuals.

  • Finnish IT Giant Hit with Ransomware Cyberattack [iophk: Windows TO]

    Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company. Remman acknowledged technical problems with several services that TietoEVRY provides to 25 customers, which are “due to a ransom attack,” according to the report.

    Remman told E24 that the company considers the attack “a serious criminal act.” TietoEVRY turned off the unspecified services and infrastructure affected “as a preventative measure” until it can recover relevant data, and restart systems “in a controlled manner,” he said.

More in Tux Machines

Dialog on Raspberry Pi and CM4

  • Beautiful Terminal User Interface with Dialog and Raspberry PI

    Writing terminal scripts for Linux on shell can need at some point getting user inputs from a graphic box. A common and elegant solution uses Dialog (also available on Raspberry PI) to create terminal user interfaces, able to interact with user mouse In this tutorial I’m going to show how to install and use Dialog on Raspberry PI, as in many debian-based linux distributions. Dialog is an application allowing to create text user interface widgets from a shell script, without the need for a desktop environment. An appreciated feature from dialog is that it provides users with the ability to interact with your boxe from a mouse.

  • MirkoPC -> CM4 carrier board

    Carrier board for Raspberry Pi Compute Module 4.

Author on Vim and Jobs Outside Tech

  • F(r)iction: Or How I Learnt to Stop Worrying and Start Loving Vim

    It is Dec 2009, and I am ready to quit my job. I wanted to focus on writing my first book; neither my commitments at work nor the state of technology was helping. Writing is hard work. Few tasks in the modern world can be as singular – or as daunting – a pursuit as sitting down in front of a blank piece of paper, and asking your brain to vomit out words that communicate an idea to readers. I am not suggesting that writing can’t be collaborative of course, but merely illustrating how daunting it can be for writers to set off on a new piece by themselves. This is true for fiction and non-fiction writing, but since I am a novelist I’d like to focus primarily on fiction in this article.

  • What job did you do before tech?

    Who doesn't love a trip down memory lane? When recounting our career paths, they're often crooked and veer in unexpected directions. Many of us take pride in that. We trusted our intuition or a friend's advice and it led to experiences we'll never forget that shaped who we are today. And where we are today. I asked our community of writers to share a little bit about what kind of jobs they had before they got into tech. Here are 13 of them you're sure to enjoy.

Debian: IMA/EVM Certificates and EasyOS Updates

  • Russell Coker: IMA/EVM Certificates

    I’ve been experimenting with IMA/EVM. Here is the Sourceforge page for the upstream project [1]. The aim of that project is to check hashes and maybe public key signatures on files before performing read/exec type operations on them. It can be used as the next logical step from booting a signed kernel with TPM. I am a long way from getting that sort of thing going, just getting the kernel to boot and load keys is my current challenge and isn’t helped due to the lack of documentation on error messages. This blog post started as a way of documenting the error messages so future people who google errors can get a useful result. I am not trying to document everything, just help people get through some of the first problems. I am using Debian for my work, but some of this will apply to other distributions (particularly the kernel error messages). The Debian distribution has the ima-evm-utils but no other support for IMA/EVM. To get this going in Debian you need to compile your own kernel with IMA support and then boot it with kernel command-line options to enable IMA, in recent kernels that includes “lsm=integrity” as a mandatory requirement to prevent a kernel Oops after mounting the initrd (there is already a patch to fix this).

  • Flsynclient compiled in OE for next Easy

    Psynclient is a good idea, it is a shell script that uses gtkdialog. But we have had trouble with it. We used to use 'flsynclient', which is a compiled binary that uses the FLTK GUI library. Back in the Pyro-series, I compiled it in OpenEmbedded, but failed in the Dunfell OE. FLTK is a C++ library, and a change in the GNU compiler broke the build in the OE cross-compile environment.

  • Foomatic PPDs now in EasyOS

    ...his post has a link to another post, reporting "filter failure". I don't know about that, however a first step will be to put all the PPDs into EasyOS. I previously thought that I had to install 'foomatic-db-engine' and 'foomatic-db' to get the PPDs, however, Debian has a DEB with them already extracted, named 'foomatic-db-compressed-ppds' -- which does not require the previous two DEBs. There is a package 'foomatic-filters', which provides an executable 'foomatic-rip', however, 'cups-filters' provides that executable. So also, 'foomatic-filters' is not required.

Android Leftovers